What is WireGuard
WireGuard is a modern cross-platform VPN. It is known for its high speed and simplicity, and it aims to become even faster and more straightforward. WireGuard is believed to be the main competitor of OpenVPN. Here are the main strengths its creators highlight:
- The latest cryptography: Noise protocol framework, ChaCha20, Curve25519, BLAKE2, SipHash24, HKDF, Poly1305, etc.
- Easy configuration and deployment based on exchanging simple public keys.
- Easily auditable for security vulnerabilities.
What does the WireGuard stack include
A basic WireGuard stack environment is built using Docker Compose. WireGuard requires server and client setup. Server side includes:
- WireGuard docker container
- Post-configured iptables
- Config files synced to the host machine
Who is using WireGuard
- Software developers
- System/Network Administrators
- DevOps engineers
- Common users
What are the benefits of using dockerized WireGuard stack
- The quickest and simplest way to start using a VPN
- Easy upgrade to the latest version provided by Docker
- Painless app migration between cloud providers
- Secure server updates
Number of servers required: 1 VPS
VPN Client Configuration
Mobile device
To configure WireGuard on your mobile device, scan the QR code attached to the deployment notification email as peer1.png.
Ubuntu Linux PC
sudo apt-get install wireguard
1. Copy the config file from the email attachment (*/peer1/peer1.conf) to /etc/wireguard/wg0.conf:
sudo cp ./peer1/peer1.conf /etc/wireguard/wg0.conf
2. Start WireGuard with the following command:
sudo wg-quick up wg0
3. Check the WireGuard status by executing the following command:
sudo wg
How to register more VPN users
If you want to add additional VPN clients, you can increase the PEERS parameter in the docker-compose.yml file on the VPN server. After changing this value, you will need to restart the docker container with the --force-recreate parameter. For that, use the command below:
docker-compose up -d --force-recreate
Windows PC
The things you need to get started:
- A running WireGuard server
- Admin rights on a computer with Windows 10 (for the versions below 0.3.1)
When ready, follow the steps below:
Client download
Download the WireGuard client from the official website - https://www.wireguard.com/install/
Installation and configuration
Click the arrow next to “Add tunnel” and then select the “Add empty tunnel” option from the drop-down menu.
The public and private keys will be created automatically.
Now it’s time to connect WireGuard to your server.
Configuration expansion
1. Update the configuration file to look like the example below:
[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz1234567890=+
Address = 10.0.0.3/24
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = YOUR_SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = YOUR_SERVER_WAN_IP:51820
Note! Don’t forget to replace YOUR_SERVER_PUBLIC_KEY and YOUR_SERVER_WAN_IP and make sure your Address is set to a unique IP address on your VPN.
Find below an example of what it can look like:
2. Check the “Block non tunneled traffic” option in the lower-left corner of the window to ensure your traffic is routed through your VPN.
Adding the client public key to your server
- Skip the Activate option on the next screen and add your client's public key on the server with the wg set command.
- Run the following command on your server:
sudo wg set wg0 peer YOUR_CLIENT_PUBLIC_KEY allowed-ips YOUR_CLIENT_VPN_IP
Note! Replace YOUR_CLIENT_PUBLIC_KEY and YOUR_CLIENT_VPN_IP.
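A pre-flight check for the client configuration and the uniqueness requirement described above, as an added example that is not part of the original guide: it flags placeholders left in the template, values that are not 32-byte base64 keys, and an Address already routed to another peer. The function names, SAMPLE_KEY and the sample inputs are assumptions constructed for illustration; the second argument is expected to be the text printed by `wg show wg0 allowed-ips` on the server.

```python
import base64
import configparser
import ipaddress

# The client template from this page, verbatim (placeholders not yet replaced).
TEMPLATE = """\
[Interface]
PrivateKey = abcdefghijklmnopqrstuvwxyz1234567890=+
Address = 10.0.0.3/24
DNS = 1.1.1.1, 1.0.0.1
[Peer]
PublicKey = YOUR_SERVER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0
Endpoint = YOUR_SERVER_WAN_IP:51820
"""
SAMPLE_KEY = base64.b64encode(bytes(range(32))).decode()  # constructed, not a real key


def is_wg_key(value):
    """WireGuard keys are 32 raw bytes encoded as base64."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False


def lint_client_conf(text, server_allowed_ips=""):
    """Return a list of problems found in a client config (empty list = clean)."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.read_string(text)
    iface, peer = cfg["Interface"], cfg["Peer"]
    problems = []
    for name, value in (("PrivateKey", iface["PrivateKey"]),
                        ("PublicKey", peer["PublicKey"]),
                        ("Endpoint", peer["Endpoint"])):
        if "YOUR_" in value:
            problems.append(f"{name}: placeholder not replaced")
        elif name != "Endpoint" and not is_wg_key(value):
            problems.append(f"{name}: not a 32-byte base64 key")
    # The Address must not sit inside a range already routed to another peer.
    addrs = [ipaddress.ip_interface(a.strip()).ip for a in iface["Address"].split(",")]
    for pubkey, *nets in filter(None, map(str.split, server_allowed_ips.splitlines())):
        taken = [ipaddress.ip_network(n, strict=False) for n in nets if n != "(none)"]
        problems += [f"Address {ip}: already allowed for peer {pubkey[:8]}"
                     for ip in addrs if any(ip in net for net in taken)]
    if "0.0.0.0/0" not in [a.strip() for a in peer["AllowedIPs"].split(",")]:
        problems.append("AllowedIPs: 0.0.0.0/0 missing, so not all IPv4 traffic is tunnelled")
    return problems
```

Calling `lint_client_conf(TEMPLATE)` on the unmodified template reports the sample PrivateKey and both placeholders; an empty list means the file passed these checks.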
Connection testing
1. Click the Activate button on your Windows 10 machine. Here is what a successful connection will look like:
2. Now check your connection on dnsleaktest.com. All DNS tests should come back using “CloudFlare” if you followed the guide strictly.
3. Test the DNS Leak with both active and inactive WireGuard VPN and analyze the results.
4. Test your connection’s speed on fast.com. You can fix an occasional sharp speed decrease by setting up a server in a region that is close to your usual location.
Now you’re ready to go. We wish you success in using WireGuard at its full capacity.
Useful links
https://github.com/WeeJeWel/wg-easy - install & manage WireGuard on any Linux host!
https://www.wireguardconfig.com/ - WireGuard Config Generator
https://github.com/subspacecommunity/subspace - simple WireGuard VPN server GUI
https://client.pritunl.com/ - Free and open source cross platform OpenVPN client
Companion apps
Fail2ban scans log files and bans IPs that show malicious signs. Highly recommended for a simple VPS server setup.
Portainer is a lightweight management UI that allows you to easily manage your different Docker environments (Docker hosts or Swarm clusters)